Jerry Cwiklik created UIMA-4813:
-----------------------------------
Summary: UIMA-AS: upgrade ActiveMQ to 5.13.1
Key: UIMA-4813
URL: https://issues.apache.org/jira/browse/UIMA-4813
Project: UIMA
Issue Type: Bug
Components: Async Scaleout
Reporter: Jerry Cwiklik
Assignee: Jerry Cwiklik
Fix For: 2.8.1AS
Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the
system, caused by the failure to restrict the classes that can be serialized in
the broker. An attacker could exploit this vulnerability using a specially
crafted serialized Java Message Service (JMS) ObjectMessage object to execute
arbitrary code on the system.
Fix for this is in 5.13.release. Upgrade UIMA-AS to the latest version (5.13.1)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
